Troubleshooting
Problem
After SSL certificates are updated on the LDAP server, the IBM Cognos® Content Manager server is unable connect to the LDAP server and fails with the following exception:
['LDAP_Namespacename']
[ ERROR ] CAM-AAA-0146 The namespace 'LDAP_Namespace' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] The user cannot access the application at this time.
[ ERROR ] CAM-AAA-0056 Unable to authenticate.
[ ERROR ] CAM-AAA-0064 The function 'LDAPHandlePool::CreateHandle()' failed.
[ ERROR ] CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '81'
[ ERROR ] Can't contact LDAP server
['LDAP_Namespacename']
[ ERROR ] AAA-AUT-0013 The user is already authenticated in all available namespaces.
Symptom
The IBM Cognos® server fails to start due to this connection issue and the CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '81' error displays in the startup details.
Cause
In this particular scenario, the server certificate 'CA.cert C,C,C' was missing in the cert8.db certificate database.
Environment
IBM Cognos® installed on Windows®, Linux®, or AIX®
LDAP namespace secured with SSL
Diagnosing The Problem
- View the certificates inside the cert8.db database by issuing the following command:
certutil -L -d /location of the cert database/
- Verify whether both the directory server certificate file and the server certificate file are contained in the cert8.db database
Correctly imported certificates appear as follows in the cert8.db database:
directory_server_certificate.cert P
CA.cert C,C,C
Resolving The Problem
If either of the certificate files directory_server_certificate.cert P, or CA.cert C,C,C is missing in the cert8.db database take the following steps:
A) Add the missing certificate manually to the cert8.db database with the following commands:
Command for adding directory_server_certificate.cer
certutil -A -n z certificate_name -t ",," -d location of the cert database -i /new certificate location/NEWcert.cer -t P
Command for adding server certificate file CA.cer
certutil -A -n certificate_name-t ",," -d location of the cert database -i /new certificate location/NEWcert.cer -t C,C,C
B) Review the contents of the cert8.db database to confirm both the certificates were added to the cert8.db database.
certutil -L -d /location of the cert database/
C) Once verified close Cognos® Configuration and relaunch it.
D) Test the LDAP namespace connection.
Related Information
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m0z000000bn5EAAQ","label":"Administration->Security->SSL \\ TLS"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Product Synonym
Cognos Analytics;LDAPS
Was this topic helpful?
Document Information
Modified date:
06 May 2021
UID
ibm16205948